Computer networks and inter-networks have become commonplace as more and more people use them for work and play. Electronic mail, instant messages, streaming audio and video, collaborative forums and interactive games: these are just some examples of the constantly increasing number of computer network applications. With computer networks becoming integrated into everyday life, a demand has arisen for casual and intuitive networking, for example, the ability to access computer network resources without having to depend upon the assistance of a computer networking expert.
However, at the same time, at least one barrier to casual computer networking has arisen for interrelated reasons. As computer networks become integrated into everyday life, increasing amounts of confidential data are passed over and become accessible to those networks. The number of environments where it is appropriate to use insecure computer networks is rapidly diminishing, particularly in light of the popularity of wireless computer networks where the physical points of access are not necessarily obvious. It is common to find sophisticated security mechanisms even in residential networks. Security takes its toll on causal networking by adding addition layers of complication to already complicated network access procedures. Frustration with providing network access can result in security features being disabled or simply an outright access ban.
An example scenario has someone with a laptop or other network-ready device traveling away from home or work and visiting a location with a new network. To avoid elaborate secure network registration procedures, a local may provide their own network access credentials (e.g., username, password, and/or encryption key) to the visitor. This violates good security policy in several ways, for example, the visitor may identify as the local on the network (possibly giving the visitor overly broad network access) and, if efforts are not made to erase them, a copy of the network access credentials remain on the visitor's device. This is particularly problematic if the network charges for access to its resources.
One aspect of the problem with respect to configuration convenience is that the network access credentials are best provided “out-of-band,” that is, by some other method than the secure network for which access is sought. Often insecure network service is available before secure network service, but passing network access credentials over an insecure network is a security risk. Another complication is that configuring a device for access to a particular secure network typically requires more than just network access credentials, for example, there may be an entire associated network “profile” that is required by the network-ready device for optimal functionality. An example of such a network profile is a wireless profile as described in the Wireless Provisioning Service section of the Microsoft Developer Network (MSDN®) Library dated May 2004. The amount of data involved can make configuration, for example, via a phone call to a help desk, cumbersome and error prone.
It is possible that a new kind of network could be designed to overcome these difficulties, however, such a solution would fail to provide secure access to the vast base of existing networks. For maximum compatibility, configuration difficulties should be resolved, as much as possible, within the constraints of existing networking standards. Similarly, an optimal solution should not exclude a broad range of existing network-ready devices, for example by requiring a custom interface, and, in addition, should accommodate any additional layers of auto-configuration functionality, such as “plug-and-play” functionality, possessed by the device. Example details and context with respect to device auto-configuration functionality are described by the Plug and Play section of the Kernel-Mode Driver Architecture Design Guide in the Microsoft Developer Network (MSDN®) Library dated Jun. 14, 2004.